As the risk and impact of business human rights and other ESG failings become ever more apparent, the EU's plan for a mandatory supply chain due diligence regime gains pace. The proposed regime will have potentially far-reaching implications for businesses and their value chains. In this briefing we analyse the scope and impact of the current EU proposals, as well as key timings and next steps.
Business & Human Rights Update: EU Supply Chain Directive proposals
The EU Parliament last week backed an ambitious report supporting the introduction of a new mandatory human rights, environmental and governance regime. The key aim of this proposal is to promote "corporate due diligence and corporate accountability" by focusing on mandatory human rights, environmental and governance due diligence throughout an organisation's value chain (the "HRDD ").
The EU’s Commissioner for Justice, Didier Reynders, has said that he will propose legislation in the second quarter of this year. We anticipate, however, some divergence from the Parliament's current proposals as the Commission has received push back from certain members of industry. Despite clear political support, this legislative process still has some way to go. Once finally agreed upon by the EU, this legislation will need to be implemented into the national laws of EU Member States.
The latest EU proposal tracks recent developments in the UK requiring due diligence on forest risk commodities (see here), as well as progress at EU Member State level on anti-slavery and human trafficking legislation and enhanced obligations under the UK's Modern Slavery Act ("MSA"), including the recent introduction of a centralised registry for MSA statements (see here for further information).
More generally, the importance of good supply chain management continues to make headlines, for example the recent modern slavery allegations involving the Leicester, UK textile manufacturing industry (covered in our article here) and the United States' subsequent proposal to ban imports from companies involved in human rights abuse allegations worldwide.
These latest EU proposals also reflect a wider trend towards corporate and parent company liability with respect to the actions of global subsidiaries and supply chains. Indeed, the concept of parental company liability was recently re-examined by the English Supreme Court when handing down a judgment in relation to Royal Dutch Shell (see Travers Smith's latest article on Corporate liability: the expanding scope of risk for further information).
The objective of the Commission is to foster a sustainable, fair and competitive EU economy as we recover from the current crisis. This initiative will be an important contribution to achieving those goals.
Scope of the proposed HRDD?
The proposed EU regime builds on mechanisms in the UK's Modern Slavery Act ("MSA") (recently considered in our latest Transparency and Supply Chains briefing), albeit with enhanced prescriptive obligations, a widening of scope to include environmental and governance issues as well as materially more onerous legal consequences for non-compliance.
Under Article 2 of the draft HRDD directive, the new rules would apply both to undertakings incorporated and/or domiciled in an EU Member State and limited liability undertakings established outside the EU selling goods or services in the internal market.
The current proposals contain an exemption for micro-undertakings,1 but do not currently contain any other exemptions concerning an organisation's size or annual revenue. This broad scope could potentially capture a variety of UK businesses, including UK-based asset managers and LLPs. This low bar to qualification has been the subject of much debate during the recent EU Parliament discussions, with some worried that the proposals would place a significant compliance burden on SMEs in particular.
1 Defined in Directive 2013/34/EU as undertakings which on their balance sheet dates do not exceed the limits of at least two of the three following criteria:(a) balance sheet total: EUR 350 000; (b) net turnover: EUR 700 000; (c) average number of employees during the financial year: 10.
What due diligence will be required?
The level of due diligence required under the HRDD is still under review, but initial proposals suggest that there will be a mandatory obligation to implement an adequate compliance system including:
- identifying and assessing human rights, environmental and governance risks and to establish a due diligence strategy (to be reviewed annually); and
- carrying out proportionate supply and value chain due diligence.
The EU proposals are likely to result in similar compliance systems to those that many have developed further to the UK's MSA. For example, assessing ESG value chain risk, communicating expectations and standards with business partners, contractual clauses protecting against human rights breaches and the implementation of supplier codes of conduct. Notably, the draft HRDD directive goes further than the MSA by introducing the concept of a "value chain", which, in addition to encompassing up-stream suppliers of products and services, would also capture down-stream customers and business relationships.
As above, current proposals look to capture a wider range of risks than those covered under the UK's MSA, by requiring due diligence processes in respect of environmental and governance risks, in addition to human rights.
For those organisations with significant human rights and other ESG risks (for example, businesses operating in the mining, agriculture or the construction sectors), consultations with at-risk stakeholders and trade unions on due diligence strategies may be required. It is also suggested that such organisations may need to establish grievance mechanisms and provide stakeholders with opportunities to raise concerns.
Detailed guidance is expected from the Commission in due course on what such adequate due diligence and stakeholder engagement procedures will need to cover.
Legal liability risk for businesses
The draft HRDD directive seeks to introduce a significant penalty regime, including:
- allowing Member States to issue interim orders for non-compliance causing irreparable harm, such as temporarily suspending business operations;
- penalties potentially “comparable in magnitude to fines currently provided for in competition law and data protection law” (which for competition law can be as high as up to 10% of global turnover, or for GDPR up to the higher of EURO 10M or 2% global turnover); and
- criminal offences for repeated intentional infringements (or those with serious negligence), punishable by "adequate" criminal penalties.
With regard to civil liability, it has been proposed that conducting adequate due diligence in compliance with the new mandatory regime would not necessarily absolve the companies of any civil liability pursuant to national law. Of particular note, through an envisaged amendment of the EU’s recast Brussels I Regulation, a parent company domiciled in a Member State could be sued either in its EU home country or in the EU country in which it operates for damage caused in a third country by a subsidiary or certain business partners.
Additionally, the EU’s Rome II Regulation, concerning relevant applicable law, is under review. Current proposals seek to allow claimants to choose the applicable law from (i) the law of the country in which a parent company is based or, if outside the EU, the law of the country where it operates, (ii) the law of the country in which the damage occurred or (iii) the law of the country in which the event giving rise to the damage occurred. Allowing victims to choose the applicable law would allow the substantive provisions of the draft HRDD directive to apply in practice and arguably this may enable parent companies to be held accountable for causing irreparable harm outside of the EU. This will be an important area for inhouse legal teams to monitor as well as the recent developments in English case law on parental company liability.
Litigation risk will also be further increased by yet more public disclosure obligations under the new regime, which include a requirement for due diligence strategies to be published on an organisation's website (Article 6 of the draft HRDD directive).
Next steps towards implementation
- The EU Parliament's proposals (agreed on 10 March 2021) will feed into legislation that is due to be tabled by the European Commission in the coming weeks.
- The Commission is currently in the process of finalising the results of the public consultation conducted on sustainable corporate governance, which closed on 8 February 2021 and received more than 470,000 contributions. A related impact assessment is also currently being prepared. The Commission's legislative proposal is anticipated in the summer of 2021.
- If the directive is ultimately adopted by the EU, it would then need to be implemented into the national laws of EU Member States.
Business human rights is set to become an increasingly hot topic in the coming year. These latest EU proposals, together with novel corporate liability case law and developments in relation to sustainable finance, will keep human rights and ESG firmly on the corporate agenda.
In addition to carefully monitoring EU developments in this area, organisations should continue to identify and assess the potential for adverse ESG risks in relation to both their business and value chains. National legislative changes (including under the UK's MSA) should also be carefully monitored to ensure ongoing compliance and preparedness for the enhanced proposals in the pipeline. Where applicable, ESG due diligence should move away from a “tick box” exercise towards a more meaningful and ongoing commitment.